New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 851384 link

Starred by 1 user
Status: Fixed
Owner:
kochi@chromium.org
Last visit > 30 days ago
Closed: Jun 2018
Cc:
yosin@chromium.org
hayato@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug-Regression



Sign in to add a comment

Relayout failed with ShadowDOM

Reported by sylvain....@gmail.com, Jun 11 2018 
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3453.0 Safari/537.36

Steps to reproduce the problem:
1. Show the attached file in chrome Canary: you should not see a green rectangle
2. Click on button "1." : page is reloaded without a layout computing in script and a green rectangle should appear.

What is the expected behavior?
The green rectangle should de visible even when we call a property like HTMLElement.clientHeight in script

What went wrong?
a combination of using a ShadowDOM and a layout calculation in a script.

Did this work before? Yes ok in 68.0.3440.7 (tested on linux). Failed in Canary since around 10 days.

Does this work in other browsers? Yes

Chrome version: 69.0.3453.0  Channel: canary
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: 

When the green rectangle is not visible, go to DevTools and  uncheck / check  css 'display' on <tst-container/> node for example : layout is recomputed and the green rectangle appear.
redrawShadow.html
1.3 KB View Download

Comment 1 by tkent@chromium.org, Jun 11 2018

Cc: hayato@chromium.org
Components: Blink>DOM>ShadowDOM

Comment 2 by hayato@chromium.org, Jun 11 2018

Labels: -Pri-2 Pri-1
This looks a regression.

Comment 3 by hayato@chromium.org, Jun 11 2018

Owner: kochi@chromium.org
Status: Assigned (was: Unconfirmed)
kochi@, could you try to fix that?

If you couldn't, please feel free to assign this to me.
Since this is a regression, I appreciate if you could inform me asap.

Comment 4 by hayato@chromium.org, Jun 11 2018

Cc: yosin@chromium.org
+yosin@, in case you are interested in.

Comment 5 by hayato@chromium.org, Jun 11 2018

Labels: ReleaseBlock-Stable M-69

Comment 6 by kochi@chromium.org, Jun 11 2018 

Bisected and found
https://chromium-review.googlesource.com/c/chromium/src/+/1070979
was the point this started failing.

With debug build, the given test case hits DCHECK() in
AssertLayoutTreeUpdated().  Here's the stack trace:

#8 0x7f9334df12b4 logging::LogMessage::~LogMessage()
#9 0x7f9324ce602b blink::AssertLayoutTreeUpdated()
#10 0x7f9324ce6356 blink::AssertLayoutTreeUpdated()
#11 0x7f9324ce10aa blink::Document::UpdateStyleAndLayoutTree()
#12 0x7f9324ceb882 blink::Document::ImplicitClose()
#13 0x7f9324ceb1f1 blink::Document::CheckCompleted()
#14 0x7f932599536b blink::FrameLoader::FinishedParsing()
#15 0x7f9324cf8bf3 blink::Document::FinishedParsing()
#16 0x7f93265beb27 blink::HTMLConstructionSite::FinishedParsing()
#17 0x7f932663575f blink::HTMLTreeBuilder::Finished()
#18 0x7f93265d30ee blink::HTMLDocumentParser::end()
#19 0x7f93265c9e67 blink::HTMLDocumentParser::AttemptToRunDeferredScriptsAndEnd()
#20 0x7f93265c9ba3 blink::HTMLDocumentParser::PrepareToStopParsing()
#21 0x7f93265cf857 blink::HTMLDocumentParser::ProcessTokenizedChunkFromBackgroundParser()
#22 0x7f93265cb782 blink::HTMLDocumentParser::PumpPendingSpeculations()
#23 0x7f93265cb132 blink::HTMLDocumentParser::ResumeParsingAfterYield()
#24 0x7f93265f2c2d blink::HTMLParserScheduler::ContinueParsing()

Comment 7 by sylvain....@gmail.com, Jun 11 2018 

I see M-69 flag, but I think this issue was also present in M-68, before we switch to M-69 in Canary.

Comment 8 by kochi@chromium.org, Jun 11 2018 

I tested the case in Win Chrome beta (68.0.3440.17, 64bit),
and it is not failing.

I'd appreciate you can also check with beta on your site.

Comment 9 by sylvain....@gmail.com, Jun 11 2018 

Sorry you're right, no problem in Version 68.0.3440.17 (Build officiel) beta (64 bits)
Project Member

Comment 10 by bugdroid1@chromium.org, Jun 11 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/864a1050facb4d6cbb159404ebac88d6b18f0bfb

commit 864a1050facb4d6cbb159404ebac88d6b18f0bfb
Author: Rune Lillesveen <futhark@chromium.org>
Date: Mon Jun 11 19:06:16 2018

[Squad] Clear ChildNeedsStyleRecalc() when recalc for reattach.

Otherwise, we ended up recalculating style for an element twice when we
first recalculated style for re-attach of slotted elements in the flat
tree and then traversed the same slotted children in their light-tree
position.

This caused a DCHECK failure for clean style and layout.

Added more DCHECKs to detect if we do extra calls to
StyleForLayoutObject().

Bug:  850664 ,  851384 
Change-Id: I975509d23f91b7ae7ea5b4545377436bb7514f0a
Reviewed-on: https://chromium-review.googlesource.com/1095096
Commit-Queue: Rune Lillesveen <futhark@chromium.org>
Reviewed-by: Anders Ruud <andruud@chromium.org>
Cr-Commit-Position: refs/heads/master@{#566091}
[add] https://crrev.com/864a1050facb4d6cbb159404ebac88d6b18f0bfb/third_party/WebKit/LayoutTests/html/dialog/showmodal-in-shadow-crash.html
[modify] https://crrev.com/864a1050facb4d6cbb159404ebac88d6b18f0bfb/third_party/blink/renderer/core/dom/element.cc
[modify] https://crrev.com/864a1050facb4d6cbb159404ebac88d6b18f0bfb/third_party/blink/renderer/core/dom/node.cc
[modify] https://crrev.com/864a1050facb4d6cbb159404ebac88d6b18f0bfb/third_party/blink/renderer/core/dom/node.h

Comment 11 by futhark@chromium.org, Jun 11 2018

Status: Fixed (was: Assigned)

Sign in to add a comment